Tag Archives: vulnerability

Brian Krebs / Krebs on Security : USPS patches API flaw that let anyone with a usps.com account view details of 60M users, over a year after a researcher says he disclosed the vulnerability — U.S. Postal Service just fixed a security weakness that allowed anyone who has an account at usps.com to view account details …

Digital Defense, Inc., a leading security technology and services provider, today announced that its Vulnerability Research Team (VRT) uncovered four previously undisclosed vulnerabilities within the... (PRWeb October 23, 2018) Read the full story at https://www.prweb.com/releases/multiple_arcserve_zero_day_vulnerabilities_disclosed_by_digital_defense_inc_researcher/prweb15856735.htm

FitMetrix, a fitness technology and performance tracking company owned by gym booking giant Mindbody, has exposed millions of user records because it left several of its servers without a password. The company builds fitness tracking software for gyms and group classes — like CrossFit and SoulCycle — that displays heart rate and other fitness metric information for interactive workouts. FitMetrix was acquired by gym and wellness scheduling service Mindbody earlier this year for $15.3 million, according to a government filing. Last week, a security researcher found three unprotected FitMetrix servers leaking customer data. It isn’t known how long the servers had been exposed, but they were indexed by Shodan, a search engine for open ports and databases, in September. The servers included two identical ElasticSearch instances and a storage server — all hosted on Amazon Web Services — yet none were protected by a password, allowing anyone who knew where to look to access the data on millions of users. Bob Diachenko, Hacken.io’s director of cyber risk research, found the databases containing 113.5 million records — though it’s not known how many users were directly affected. Each record contained a user’s name, gender, email address, phone numbers, profile photos, their primary workout location, emergency contacts and more. Many of the records were incomplete. The storage server, hosted in an Amazon S3 bucket, stored user profile pictures and remained open at the time of writing. For that reason, we’re not linking to it. Diachenko, who wrote up his findings, contacted the company by email a week ago, but the company only secured the server after TechCrunch reached out. “We recently became aware that certain data associated with FitMetrix technology stored online may have been publicly exposed,” said Jason Loomis, Mindbody’s chief information security officer.

Stacy Cowley / New York Times : To fight fraud, banks and retailers use behavioral biometrics to build millions of user profiles by tracking how they type, swipe, tap when using sites and apps — When you're browsing a website and the mouse cursor disappears, it might be a computer glitch — or it might be a deliberate test to find out who you are.

Android Police CTL Chromebox CBx1 review: A good Chrome OS desktop at a ... Android Police Two months ago, we reviewed the Acer Chromebox CXI3. Even though the CXI3 is a fantastic Chrome OS desktop, it's somewhat expensive - the model we ...

At Def Con this weekend, Josh Mitchell, a cybersecurity consultant with Nuix, showed how various models of body cameras can be hacked, tracked and manipulated. Mitchell looked at devices produced by five companies -- Vievu, Patrol Eyes, Fire Cam, Dig...

I have good news! The infamous SS7 networks used by mobile operators to interoperate, e.g. when you’re roaming — which were built on trust, essentially devoid of security, and permitted rampant fraud, SMS hijacking, eavesdropping, password theft, etc. — are being replaced. Slowly. But I have bad news, too! Which is: the new systems still have gaping holes. One such was described at the Def Con hacking convention today by Dr. Silke Holtmanns of Nokia Bell Labs. She gave a fascinating-to-geeks-like-me summary of how the IPX network, which connected five Scandinavian phone systems in 1991, using the SS7 protocol suite secured entirely by mutual trust, has grown into a massive global “private internet” connecting more than 2,000 companies and other entities. It is this private network-of-networks that lets you fly to another country and use your phone there, among many other services. The quote which stood out most starkly from her slides regarding IPX was this: “Security awareness only recently started (2014).” That’s … awfully late to start thinking about security for a massive semi-secret global network with indirect access to essentially every phone, connected car, and other mobile/SIM-card enabled device on the planet. She understated grimly.

Hackers have been exploiting a vulnerability in DLink modem routers to send people to a fake banking website that attempts to steal their login credentials, a security researcher said Friday. The vulnerability works against DLink DSL-2740R, DSL-2640B, DSL-2780B, DSL-2730B, and DSL-526B models that haven’t been patched in the past two years. As described in disclosures here, here, here, here, and here, the flaw allows attackers to remotely change the DNS server that connected computers use to translate domain names into IP addresses. According to an advisory published Friday morning by security firm Radware, hackers have been exploiting the vulnerability to send people trying to visit two Brazilian bank sites—Banco de Brasil’s www.bb.com.br and Unibanco’s www.itau.com.br—to malicious servers rather than the ones operated by the financial institutions. In the advisory, Radware researcher Pascal Geenens wrote:

Customers using devices from four major cell phone carriers could unknowingly be exposing sensitive data to hackers, according to the Department of Homeland Security (DHS). Fifth Domain reports that DHS-funded researchers from mobile security firm Kr...

Samsung's SmartThings hub suffered from 20 vulnerabilities that could have allowed attackers to control the internet-of-things devices connected to it. Thankfully, security intelligence firm Cisco Talos discovered the flaws and worked with the Korean...

Dean Takahashi / VentureBeat : Line Corp. acquires a majority stake in Korean game developer NextFloor and sets up Line Games as new publisher of mobile games — Japanese mobile messaging firm Line Corp. has acquired a majority stake in game developer NextFloor and it has set up Line Games as a new publisher of mobile games.

Connie Loizos / TechCrunch : Equidate, a San Francisco-based marketplace that makes privately held shares available to accredited investors wanting to buy them, raises $50M Series B — Equidate, a 4.5-year-old, San Francisco-based marketplace that makes privately held shares available to accredited investors wanting to buy them …

Jordan Crook / TechCrunch : Gym membership startup ClassPass raises $85M Series D led by Temasek, bringing the total funding raised to $255M — ClassPass today announced the close of an $85 million Series D financing round led by Temasek, the same firm that led the startup's Series C financing.

Shlomi Dolev, Contributor. Shlomi Dolev is the Chair Professor and founder of the Computer Science department of Ben-Gurion University of the Negev. He is the author of Self-Stabilization. Shlomi also is a cybersecurity entrepreneur and the co-founder and chief scientist of Secret Double Octopus.

The quantum computing apocalypse is imminent

The world stands at the cusp of one of the greatest breakthroughs in information technology. Huge leaps forward in all fields of computer science, from data analysis to machine learning, will result from this breakthrough. But like all of man’s technological achievements, from the combustion engine to nuclear power, harnessing quantum computing comes with potential dangers as well. Quantum computers have created a slew of unforeseen vulnerabilities in the very infrastructure that keeps the digital sphere safe. The underlying assumption behind nearly all encryption ciphers used today is that their complexity precludes any attempt by hackers to break them, as it would take years for even our most advanced conventional computers to do so. But quantum computing will change all of that. Quantum computers promise to bring computational power leaps and bounds ahead of our most advanced machines. Recently, scientists at Google began testing their cutting-edge 72-qubit quantum computer. The researchers expect to demonstrate with this machine quantum supremacy, or the ability to perform a calculation impossible with traditional computers.

Chink in the Armor

Today’s standard encryption techniques are based on what’s called Public Key Infrastructure or PKI, a set of protocols brought to the world of information technology in the 1970s.

LTE was theoretically supposed to fix the security holes baked into earlier wireless standards, but it isn't completely immune. An international team of researchers has discovered an attack method (nicknamed aLTEr) that takes advantage of inherent f...
